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Abstract — We present a new quasigroup based block encryp- 
tion system with and without cipher-block-chaining. We compare 
its performance against Advanced Encryption Standard-256 
(AES256) bit algorithm using the NIST statistical test suite 
(NIST-STS) that tests for randomness of a sequence. Since it 
is well known that a good encryption algorithm must destroy 
any statistical properties of the input sequence and produce an 
output close to a true random sequence, the NIST-STS suite 
results provide a good test bench. In almost all tests from the 
suite the proposed algorithm performs better than AES256. 

I. Introduction 

Sensor networks provide a challenging area of research, 
because of constraints such as low computational power, low 
memory capacity and limited communication ranges. As their 
popularity for various applications such as border surveillance, 
patient health monitoring, surveillance and environment data 
collection increases, the demand for security and privacy also 
increases. Moreover, now a days smart-phones have several 
sensors within them that may be used to monitor health 
conditions and used for emergency purposes. In this case, 
security, integrity and privacy of data that is being transmitted 
are of utmost importance. 

The most popular method for encryption in sensor networks 
is the use of secret key encryption systems such as Triple 
DES or AES fl4l . Ifl3ll . This is because secret key algorithms 
have much lower computational requirements compared with 
public-key systems, which is crucial especially in resource 
constrained environments such as sensor networks. In this 
paper we develop a new secret key encryption scheme, that is 
ideally suited for encryption in low computational and memory 
constrained environments. We run statistical tests on both the 
input and output streams, testing them for randomness using 
the NIST-STS package. The test results are compared with the 
popularly used Advanced Encryption Standard 256 (AES-256) 
bit encryption. The results show equal or better performance 
under all tests and that the encryption method is very good in 
destroying the structure of the input sequence. 

Quasigroups are similar to Sudoku and Latin squares. They 
have been previously investigated for their application to en- 
cryption. Gligoroski et. al. J6), (8), Q looked at stream cipher 
and public key implementations of quasigroups. A multi-level 
quasigroup implementation was proposed by Satti and Kak 



lfl6l where they used different sizes of quasigroups to encrypt 
data. They combined it with indices and nonces to improve 
on the strength of the encryption. However, their system also 
focuses on a stream cipher implementation. Marnas et. al. 
ifTTI implement a quasigroup all-or-nothing system. However, 
they only use quasigroup encryption to replace the XOR 
operation used within other all-or-nothing system, hence in the 
end the actual encryption is done using other cryptosystems. 
Quasigroups have also been applied to error correction |9j and 
in construction of message authentication codes (MAC) (T). 

One may view quasigroup transformation as a substitution 
and permutation operation. These transforms form the basis 
of numerous encryption systems specially in speech encryp- 
tion [12 1, (3|. Further, public key systems such as NTRU 
iflOll and elliptic curve cryptosystems [2] have lower power 
consumptions compared to RSA however compared to secret 
key systems they are much more computationally expensive. 
Moreover, the algorithms proposed in this paper do not require 
any computations to be performed but only table look up 
operations for encryption and decryption. 

To our knowledge, this is the first quasigroup block encryp- 
tion algorithm similar in strength to AES with advantages in 
both computational and memory requirements over the latter. 

II. Background on Quasigroups 

Quasigroups used in cryptography consist of an n x n matrix 
consisting of permutations of elements of a finite field Z n 
such that no element repeats in any row or column and all 
elements appear in every row and column. Here n is called 
the order of the quasigroup. Commonly chosen value of n is 
256 such that it allows for us to work with the input stream 
at byte level. Quasigroups support an operation, denoted by •, 
for any two elements in the matrix such that a corresponding 
inverse operation, denoted by \, exists. For example, for any 
two elements x and y, the following holds true: x-y = x-z => 
y = z and y ■ x — z ■ x ^ y = z. Further, x ■ y = z implies 
y = x\z. 

The • and \ operations are table lookup operations as 
illustrated by the following example of the working of a 
conventional quasigroup cipher implementation. 

Example 1: Table 1 presents a quasigroup of order 6. The 
left most column and the top most row are index numbers. An 
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TABLE I 
A QUASIGROUP OF ORDER 6. 
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TABLE II 

Inverse for the quasigroup in Table I. 

initial seed element is chosen, say s — 3, and let the input data 
stream be represented by {mi, m,2, m^, 7715, mg, 1717, ms} 
= {1, 5, 4, 2, 6, 4, 5, 3}. Then the encryption process produces 
an encrypted output stream {ci, C2, C3, C4, C5, eg, C7, eg} as 
follows, 

Quasigroup Encryption 

1. Let qGroup[][] represent the quasigroup matrix 

2. To encrypt to,s do, 

Set ci = qGroup[s][mi] 
For i > 1, repeat until all m^s are encrypted 
q = qGroup[ci_i][mi] 
Execution of the encryption operation for the given input 
stream is shown below: 
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The above encryption operation is a table look up operation 
over table 1 . 

For the decryption operation, inverse quasigroup matrix is 
constructed (table [n}. To construct the invQGroup[][] matrix, 
do the following: in the j th column of the i th row in 
invQGroup[][] matrix write the column number of element 
j from the i th row in qGroup[][]. 

To decrypt do the following, 

1) mi = invQGroup[s][ci] 

2) For i > 1, do until all CjS are decrypted 

• m,i = invQGroup[ci_i][ci] 
In general, the direct application of the above encryption al- 
gorithm is very effective in randomizing the input data stream. 



However, given an input data stream and its corresponding 
output data stream a known plain text attack can be launched 
because qGroup[ci_i] [mi\ = Ci. If a long enough mapping 
is available it may be possible to fill in a significant number 
of elements in the quasigroup matrix, thereby decreasing the 
number of possibilities for the group. This is a weakness as 
the security of the above encryption depends on keeping the 
quasigroup secret. 

III. Proposed Algorithm 1: Quasigroup Block 
Cipher 

In order to make quasigroup similar in functionality to the 
popular AES system, we use 32 different seeds for each round 
of encryption. Multiple rounds of encryption with different 
seeds in different rounds finesse the known-plaintext attack 
and provide a higher level of security, as in the case of Triple 
DES and AES. We choose 32 seeds, because we assume that 
each seed is one byte in size and 32 bytes is equal to 256 bits, 
which is the commonly used key length for AES systems. 

In order to introduce dependencies between bytes of input 
data, we divide the data into 128 bit (16 byte) blocks and 
encrypt each block separately using Algorithm 1. 

Algorithm 1 

1) Construct a 256x256 size quasigroup. 

2) Generate a random 256 bit encryption key and divide it 
into 8 bit (1 byte) blocks which will be used as seed 
elements at every round of encryption. This results in 
32, 1 byte, seeds. 

3) Divide the source data into 128 bit (16 byte) blocks 

4) For each block do the following: 

a) For each 8-bit block in the cipher key do the 
following: 

i) Using the current block as a stream of 16, 8- 
bit integers, apply the current 8-bit key as the 
quasigroup cipher seed and encrypt the block. 

ii) Left shift the currently encrypted block by 1, 
3, 5 or 7 bits depending on the index of the 
current 8-bit key block modulo 4. 

Note that although each block is 128 bits long, when 
applying quasigroup encryption we further divide the block 
into 16, 1 byte sub-block. After every round of encryption, 
all the bits (in the sub-blocks) are taken together and then 
rotation is applied before the procedure is repeated. A pseudo 
code is given below: 

Let BlockSize = 16 
Let KeySize = 32 

Define Shif tDistance as [1,3,5,7] 
Define QGMS as Array (256, 256) 
Define Key as Array (KeySize) 
Define Source as Array (N, BlockSize) 
Define Output as Array (N, BlockSize) 
For Each Block in Source 
CipherText = Block 



For Each K in Key 

CipherText = QuasiGroupCipher (QGMS , K, 

CipherText) 
CipherText = LeftShift (CipherText , 
ShiftDistance [ IndexOf (K, Key) 
Modulo 4] ) 

Next K 

Output [ IndexOf (Block, Source) ] = CipherText 
Next Block 

The shift distances of 1, 3, 5, and 7 are each relatively 
prime to 2 and thus to 8 (size of a byte). Their sum is 16 
(size of 2 bytes) and if each shift is applied 8 times, their sum 
becomes 128, which is equal to the block size of 128 bits 
(16 bytes) into which the input data was divided. Therefore, 
one full rotation of block occurs with shifts of 1, 3, 5 and 
7 when all the 32 seeds are used. This ensures that all the 
bytes in the encrypted block become interdependent. 

A. Test Implementation 

A test implementation was written in C#.net, because of 
the popular adoption of the pre-existing AES cipher suite 
inbuilt in C#. Additionally, Microsoft Visual Studio 2010 
has built in unit-testing facilities, which combined with Test- 
Driven-Development, produced well-tested code in reduced 
increments of time. The test implementation has the ability to 
overwrite the plaintext buffer, in place, limiting the memory 
footprint required to encode a buffer. The quasigroup matrix is 
generated using the Knuth/Fisher- Yates Shuffle [5 1. Keys were 
generated using random-number generator, System. Random, 
allocating 16 random bytes per request. Both the encryption 
and decryption routines were constructed and tested. 

B. Analysis 

We used the National Institute of Technology - Statis- 
tical Test Suite (NIST-STS) suite to evaluate the random- 
ness introduced by the system in the cipher. The NIST- 
STS package gives a P-value for various standardized tests. 
The P-value is the probability that a perfect random number 
generator would have produced a less random sequence than 
the one being tested [15|. Control tests were performed 
against the plain text source. The NIST-STS test suite is 
available freely in C source code, and downloadable from 
http://csrc.nist.gov/groups/ST/toolkit/rng/index.html The tool 
can be configured to read a source file as a stream of bits, and 
evaluate the randomness of that stream. We report the results 
for the following tests - approximate entropy, block frequency, 
cumulative sums forward (CS-F) & cumulative sums reverse 
(CS-R), fast fourier transform, frequency, longest run, runs, 
rank and serial 1 and serial 2; where the parameters used for 
the tests are given in table IIII-BI 

Each test, upon successful completion, produced a P-value 
result which is to be interpreted as above. If a P-value for a test 
is determined to be equal to 1, then the sequence appears to 
have perfect randomness. A P-value of zero indicates that the 



Block Frequency Test - block length(m) 


128 


Non-overlapping Template Test - block length(m) 
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Overlapping Template Test - block length(m) 
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Approximate Entropy Test - block length(m) 


10 


Serial Test - block length(m) 
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Linear Complexity Test - block length(m) 
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TABLE III 
Parameters for the NIST-STS test 



sequence appears to be completely non-random [ 15 1. However, 
both P-values of 1 and are failure conditions in the tests. 

Table [TV] shows the P-values for the various tests. In the 
table the first three columns show the average P-values for 
all zero (0x00) input, all OxFF input and a text taken from 
Aesop fables ("From the Goose and the Golden Eggs"). The 
first column lists the various tests done, second column is 
the average P-values for encryption of all three inputs using 
quasigroups, third column is the average P-value for all three 
inputs using AES and the third column is the ratio of the 
P-value of encryption using quasigroups to that using AES 
multiplied by 100. The last four columns are P-values for all 
zero (0x00) and OxFF inputs. 

IV. Proposed Algorithm 2: Quasigroup Block 
Encryption with Cipher Block Chaining 

To improve the performance of quasigroup block ciphers 
in the Approximate Entropy, Serial 1 and Serial 2 tests, we 
extended algorithm 1 to include cipher block chaining (CBC). 
Mathematically, CBC is written as: 

C := e(k, M © iv) 

C n+1 := e(k,M n+1 ®C n ) 

Where, C n : an indexed cipher text block, M n : an indexed 
plain text block, k: the cipher key (here seed), iv: A random 
initialization vector, where \iv\ = \C n \ = \M n \, e(k,m): the 
encryption function, QGBC in this case. 

A. Test Implementation 

After implementing quasigroup block cipher with cipher 
block chaining, tests were repeated 20 times using a 256 
bit random key (32, 1 byte seeds) each time. The resulting 
encrypted data was tested for randomness using the NIST-STS 
test suite, using the same parameters as before. 

Table [V] compares a average P-value results from the 
NIST-STS test suite. The quasigroup block cipher with CBC 
outperformed AES256 with CBC in almost all cases. 

It is to be noted that the variance of P-values between 
different test results may be misleading, as each test has 
different acceptance tolerance for P-values. 

B. Test on Audio Input 

Since sensors may be used to collect audio sig- 
nals we perform the encryption operation using quasi- 
groups on an audio input file. The source (taken from 



Test 


P-value 


P-V£iluc 


P_va1iip OCt as 


All 0x00 

ill] V_7 /\ V_7 V./ 


All 0x00 

nil vavu 


All OxFF 

fill UAl 1 


All OxFF 

fill V_7 /\ 1 1 




for QG 


for AES 


% of P-value of 
AES 


input AES 


input QG 


input AES 


input QG 


Block 


0.57189 


0.53593 


106.71 


0.59109 


0.57530 


0.48253 


0.64041 


Frequency 
















CS-F 


0.47759 


0.45340 


105.33 


0.47739 


0.42955 


0.36766 


0.50679 


CS-R 


0.47995 


0.46111 


104.08 


0.48052 


0.43870 


0.36949 


0.49906 


FFT 


0.15798 


0.15622 


101.12 


0.03377 


0.043198 


0.05215 


0.05501 


Frequency 


0.40314 


0.40006 


100.77 


0.38935 


0.34988 


0.29779 


0.39156 


Longest Run 


0.30803 


0.29188 


105.53 


0.24881 


0.21313 


0.17118 


0.27998 


Runs 


0.40384 


0.40136 


100.62 


0.37347 


0.37045 


0.38143 


0.35849 



TABLE IV 

The table shows average P- values (over 20 RUNS) for quasigroup encryption as compared TO AES256 ENCRYPTION SYSTEM when the 

SAME ENCRYPTION KEY IS USED FOR BOTH CRYPTOSYSTEMS WITHOUT ClPHER-BLOCK-CHAINING (CBC). 
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TABLE V 

THE TABLE SHOWS AVERAGE P- VALUES (OVER 20 RUNS) FOR QUASIGROUP ENCRYPTION AS COMPARED TO AES256 ENCRYPTION SYSTEM WHEN THE 
SAME ENCRYPTION KEY IS USED FOR BOTH CRYPTOSYSTEMS WITH ClPHER-BLOCK-CHAINING (CBC). 



http://www.nch.com.au/acm/llkl6bitpcm.wav) and the en- 
crypted audio waveforms are plotted in Figures Q] and |2] 
respectively. As we can see the quasigroup encryption system 
is very good at distributing the amplitude of the audio signal 
over the entire range. 

We further perform a comparison of the randomness of 
the signal using the NIST-STS and tabulate the results for 
the various tests in Table |VI] We see that in most cases 
the quasigroup block cipher with CBC randomizes the input 
waveform much more than AES256 does, especially in the 
case of Fast Fourier Transform (FFT) tests. 
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TABLE VI 

P- VALUES FOR THE AUDIO ENCRYPTION USING QUASIGROUP ENCRYPTION 
AND AES256. 



Fig. 1 . Plot of original input audio waveform 
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Fig. 2. Plot of encrypted output audio waveform 
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TABLE VII 

Number of reduced latin squares of order 2 to 15. 

V. On Theoretical Security of Quasigroup Ciphers 

The total number of Latin squares of order n, n > 2, is 
given by LS(n) = nl(n — l)!T(n), where T(n) denotes the 
number of reduced Latin squares of order n. The numbers 
T(n) and LS(n) increase very quickly with n lfl6l . Table I VIA 
gives the number of reduced Latin squares. 

From table IVIIII we see that the number of possibilities for 
the Lsatin squares is astronomical. Therefore, if the quasigroup 
is kept secret along with the 256 bit key (32 random seeds) 
the system provides very good security. 

VI. Conclusion and Future Work 

In this paper we have proposed algorithms for implementa- 
tion of quasigroup block cipher. The strength of the algorithms 
was assessed by assessing the randomizing property of the 
system and the use of statistical test suite by NIST (NIST- 
STS). Results of the simulations are tabulated and it is 
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TABLE Vin 

Bounds for number of Latin squares for orders 16, 32, 64, 128 
and 256. 



observed that in almost all the cases the output generated by 
the quasigroup encryption system is as or more random than 
that produced by AES256 for the same encryption key used. 
The results presented were for average P-values over 20 runs 
for all zero (0x00) input, all OxFF input, and an Aesop fable. 
We also performed tests on audio input and results have been 
presented. 

In future work, we intend to perform cryptanalytic attacks 
on the proposed quasigroup algorithms. We would also like 
to make the quasigroup matrix public with only 32 seeds kept 
secret. A research question would be to see what is a good 
candidate for a quasigroup (out of numerous possibilities) 
when it is public |4|. We also intend to look into FPGA 
implementations of the proposed system. 
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